Last month, Microsoft issued no new security
bulletins as part of its monthly update. Not one. Nada. Zip. Zilch.
This month, though, the tune has changed, as nine patches are on tap, some of
them rated as “critical.” According to reports, Windows XP itself may also
be getting a Service Pack 3 release in 2006.
True to form, Microsoft is vague in its advance bulletins about patches
and has not disclosed the specific issues that will be addressed. Eight of the
issues set to be patched will involve Windows, and there’s one that specifically
affects Microsoft Exchange.
Internet Explorer is among the Windows applications that are likely to be
patched. Security firm Secunia reports that there are numerous unpatched vulnerabilities in IE. Among them is the “XMLHTTP” HTTP Request Injection vulnerability which “can be exploited by malicious people
to manipulate certain data and conduct HTTP request smuggling attacks.”
A significantly more invasive update than the simple patches offered on
Microsoft’s monthly patch Tuesday may also be in the works.
A website called The Hotfix is claiming it has a
preview “unofficial” version of Windows XP Service Pack 3. A Microsoft
spokesperson was not immediately available for comment.